Software

Name
Description

SLOWDRIFT

[SLOWDRIFT] is a backdoor used by [APT37](https://attack.mitre.org/groups/G0067) against academic and strategic victims in South Korea. (Citation: FireEye APT37 Feb 2018)


SHUTTERSPEED

[SHUTTERSPEED] is a backdoor used by [APT37](https://attack.mitre.org/groups/G0067). (Citation: FireEye APT37 Feb 2018)


FlawedGrace

[FlawedGrace] is a fully featured remote access tool (RAT) written in C++ that was first observed in late 2017. (Citation: Proofpoint TA505 Jan 2019)


FLASHFLOOD

[FLASHFLOOD] is malware developed by [APT30](https://attack.mitre.org/groups/G0013) that allows propagation and exfiltration of data over removable devices. [APT30](https://attack.mitre.org/groups/G0013) may use this capability to exfiltrate data across air-gaps. (Citation: FireEye APT30)


FlawedAmmyy

[FlawedAmmyy] is a remote access tool (RAT) that was first seen in early 2016. The code for [FlawedAmmyy] was based on leaked source code for a version of Ammyy Admin, remote access software. (Citation: Proofpoint TA505 Mar 2018)


Rifdoor

[Rifdoor] is a remote access trojan (RAT) that shares numerous code similarities with [HotCroissant](https://attack.mitre.org/software/S0431). (Citation: Carbon Black HotCroissant April 2020)


HOPLIGHT

[HOPLIGHT] is a backdoor Trojan that has reportedly been used by the North Korean government. (Citation: US-CERT HOPLIGHT Apr 2019)


GuLoader

[GuLoader] is a file downloader that has been used since at least December 2019 to distribute a variety of remote administration tool (RAT) malware, including [NETWIRE](https://attack.mitre.org/software/S0198). (Citation: Unit 42 NETWIRE April 2020)


MobileOrder

[MobileOrder] is a Trojan intended to compromise Android mobile devices. It has been used by [Scarlet Mimic](https://attack.mitre.org/groups/G0029). (Citation: Scarlet Mimic Jan 2016)


RegDuke

[RegDuke] is a first stage implant written in .NET and used by [APT29](https://attack.mitre.org/groups/G0016) since at least 2017. [RegDuke] has been used to control a compromised machine when control of other implants on the machine was lost. (Citation: ESET Dukes October 2019)